Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-08-29 CVE-2022-27558 Weak Password Requirements vulnerability in Hcltech Domino and HCL Inotes
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.
network
low complexity
hcltech CWE-521
7.5
2022-07-19 CVE-2022-27544 Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform
BigFix Web Reports authorized users may see SMTP credentials in clear text.
network
low complexity
hcltech CWE-522
6.5
2022-07-19 CVE-2022-27545 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
network
low complexity
hcltech CWE-79
5.4
2022-06-09 CVE-2021-27786 Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner.
network
low complexity
hcltech CWE-697
critical
9.8
2022-06-01 CVE-2021-27778 Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.
network
low complexity
hcltech CWE-79
4.8
2022-05-27 CVE-2021-27780 Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
network
low complexity
hcltech
5.3
2022-05-27 CVE-2021-27781 Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
network
low complexity
hcltech CWE-79
4.8
2022-05-25 CVE-2021-27779 Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
network
low complexity
hcltech CWE-311
critical
9.1
2022-05-25 CVE-2021-27783 Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
network
low complexity
hcltech CWE-311
6.5
2022-05-19 CVE-2020-4107 Unspecified vulnerability in Hcltech Domino 10.0/11.0/9.0
HCL Domino is affected by an Insufficient Access Control vulnerability.
local
low complexity
hcltech
7.8